Posted
by
samzenpus
on Monday October 01, 2012 @01:34PM
from the testing-the-waters dept.

New submitter clam666 writes "White House sources partly confirmed that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers. From the article: 'The attempted hack used 'spear phishing,' in which an attacker sends an email to a specific target that uses familiar phrases in hopes that the recipient will follow links or download attachments that unleash the hacker's malware. None of the White House's secure, classified computer systems were affected, said the official, who reached out to POLITICO after the Free Beacon story appeared — without having been asked for comment. Nor had there been any attempted breach of a classified system, according to the official.'"

.... between what happens to the chinese perpetrators and what has happened to Gary McKinnon over the years!

Why exactly is this modded as flamebait? It sounds like these breaches were actually more serious as they targeted computers involved in nuclear commands. How is that not more serious than what Gary McKinnon did?

If software had to go through the same rigorous background checks that the employees who use it have to at these facilities, I don't think IE6 would have gotten a security clearance. How is it that the government can refuse to grant a security clearance based on sexual orientation under the notion that it could be used to blackmail someone, but allow the use of software with a proven and highly publicized record of leaking information? What's more, people with security clearances are subjected to intense scrutiny -- their supervisors know about every little aspect of their lives, including that little dimple on the inside of your right thigh, yet routinely employ software that is essentially a big black box -- nobody knows how or why it works.

The government needs to start taking software review as seriously as it takes personnel review with regard to security clearances and access to classified and/or sensitive materials. From a security standpoint, it doesn't matter much whether it was a web browser or a person that passed information to an enemy; The end result is the same.

Many of our enemies are now seeing that it is comparatively less costly to exploit technology than people. You'd think we'd have learned this lesson after the second world war -- wasn't cracking Enigma enough of a wake up call?

They use Windows because of NTFS. In the late '90s it was the only file system able to pass the extremely stringent testing that DOD conducted. Of course Windows NT came with NTFS, and then with Win 2000 Active Directory and Group Policies made it possible to secure entire networks to a degree not possible with any other OS of the time. Since then it's been inertia to a great deal, but really what other system allows an administrator to secure 10,000 machines at one time?

Lots of people on this web site were around the industry in 2000, and remember what the industry was like then. What else were you going to use, FAT and Banyan Vines, or maybe Netware? Seriously, those of us who had to administer networks with hundreds of desktops jumped with joy when we found that we could lock down an entire group of (l)users' desktops so they couldn't fuck them up every week. Exchange 2000 allowed us to block attachments like ElfBowling.exe, which took out our SMTP server twice in a w

No matter how secure you think a network is, there's always some idiot that does something like:1. Upload 50 GB of downloaded music onto a secure network.2. Upload 1 TB of downloaded movies onto a secure network.3. General wants his/her Wikipedia fix, so there's one hole in the network security.4. General #2 wants to check his/her Fantasy Football team from a secure network, hole #2 in security.5. Etc. Etc. Etc.

So-called "secure" networks are nothing of the sort. They leak like a colander.

The "air-gap" in SIPRNet is what they tell you, and how they say that it works. How far do you trust the US government to be honest?

That fact aside, when a General says they want something, it happens. Perhaps the act of shifting 2 feet to the right to access a standard network computer is too far for them to move. Whatever their reasons, all a General needs to do is go find his S-6 and order PV2 Snuffy to plug in some cables so he/she can access whatever they want on any computer they want. Do you thin

"Next up, petitioning the White House to find out why the fuck nuclear control systems are on the internet..."

They aren't, (also Read The Fucking Article) but tech reporting and public ignorance in the US are so horrid that all PCs owned by the military are presumed to be connected to each other.

Hint:Unclassified networks are used for Unclassified activities, of which there are many. They are different from Classified networks of various types. The usual communications necessary to getting ordinary business done (ordering asswipe, telling folks physical training is rescheduled, what the fuck ever) don't go on command and control networks.

An office in one building may (shock, horror) have systems connected to DIFFERENT networks, technologically astounding as that concept may be.

freebeacon got its page hits (hence the sensationalist title) and you got modded Insightful for displaying no Insight.

I don't think it still is (it's probably 12345), but the idea was that it needed to be something that someone in the highest-stress situation possible (i.e. just about to kill a few million people and the likelihood that millions that he represents are already dead) would have to be able to remember it.

Unlikely. A large part of the US nuclear arsenal is actually on submarines these days. And if you really think a "cyber" attack could be so effective that not only the US but the entire NATO infrastructure could be permanently disabled (which is absurd outside of sci-fi) don't worry... the Brits still allow their subs to launch nukes at the discretion of the crew, yay!

So, a good enough attack would basically ensure the end of the world, so point #4 is pretty much

The initial report claimed that those were the systems that were compromised. The White House insider denied that those systems had been compromised, but confirmed that a non-classified network had been compromised.

More like: The air-force decided to make the Nuclear protection codes 50 diget, random ascii character monoliths imprinted on semi-holographic, impossible to put in a photo-copier keycards. After forgetting the card several times while going on vacation, several Generals got fed up, copied all the codes manually to a text file and stored it on their home PC and on their cellphones. Hackers got that text file. So while no classified networks were compromised, they still got the codes.imo, the best way to saf

The press is most likely wrong. I've been on the news a couple of times, and they always get something wrong.

Any classified info is airgapped, end of story. I can do drawings on the [system] on the same computer I'm using for/. The vast, vast majority of drawings are not classified. (I joke that part of the OpSec is that if we get captured, I tell them everything I know, and when they fall asleep, we tiptoe out of the room. "In this circuit, we use cable LS2SJ-14. But in this circuit, we went to LS2SJ-12. Hey, PAY ATTENTION!" So like I was saying, we used LS2SJ-12 here...) If I want to look at anything that's classified, or even something that's CG, I have to do the following:

1. Have the clearance and the need to know.2. Get a copy of the document sent to me, usually by FedEx.3. Get a supervisor and go to the secure room, sign in, close the blinds and the door.4. Get the HDD from the safe.5. Check the computer, then put in the HDD.6. Power up the computer. It's a stand-alone machine, that's what I was checking for.7. Work.8. Finish working. Print up stuff or burn it onto a disk. Fill out the form that shows that another copy of the material exists.9. Power down the machine and put the HDD back in the safe.10. Sign out of the secure room.11. Mail the printout or CD to whoever it was that wanted it.

And that's for CG stuff. The TS stuff is watched constantly by people with weapons.

If someone can hack their way into a system where the info is not only powered off, but in a separate room from the equipment that can read it, inside a safe, then it's time to give the fuck up.

That's funny. I was at a client site (aerospace contractor) doing some software training in the mid-2000s, and when I asked why IE wasn't working on the computer I was using to demonstrate something I was told, "Oh, that's a DoD station; use this one right next to it."

So it was sort of airgapped, but all that Men In Black access control you were talking about was nowhere in sight.

I've had similar experiences at other defense contractors, too; although in that case I wasn't allowed to actually use the clas

How does the US know the actual nationality of the hackers and not just their end-proxy?

The US have been trying to insinuate a cyber-war for years now, and never said how they know who's behind it (if you said the *ATTACK* came from China, fair enough - to say it ORIGINATED there is more of a stretch, and to say it was Chinese hackers is just ludicrous).

Of course we have suspicions and think we might know who's behind it and who owns the net-blocks, but what a wonderful way to discredit a nation and put the blame on someone else when you want to cyber-attack the US - just proxy through China and start WW3 when the US relatiates.

Really, US? How do you *KNOW*? On the scale that you can confidently state the Chinese "attacked" you (and coupled with your statements that cyber-attacks could be considered acts of war?)? You're REALLY that sure it was China that did it? That you can announce on the news that it was the country itself?

How does the US know the actual nationality of the hackers and not just their end-proxy?

Perhaps they have collaborating intel from another source (e.g., spies or signals intelligence).

Or do you just want to start a war with China for some reason?

I wouldn't be surprised if it was posturing for election rhetoric. Could have been done to preempt a GOP leak ahead of Wednesday's debate, or it could tie-in with Obama's recent "tough on China" talking points. I try not to follow this stuff too closely though, so take my speculation with a grain of salt...

How did they know? Easy! The e-mail went like this:"Hello Sir, very fine day indeed. I would like to inquire you buy cheap Sony cameras from our company. Not Chinese product, 100% original product. Please, look our offer in attached brochure.

I hope the day is very generous and we may come to agreement soon. Thank you!

First, it's important to note that the White House didn't confirm the suspected source. It was anonymous officials who said this appeared to originate "from China" -- take that as you will.

As you point out, an attack may appear to come from a particular (set of) IP address(es), network(s), or source(s). An attack may have a certain profile, or share a profile with other attacks. An attack may have an assumed motivation based on its target. The attacker(s) may even wish to make it appear that the attack is originating elsewhere.

Even if the "source" is established, is it a nation-state? Hacktivists? Nationalist hackers acting on behalf of government or at the government's explicit or implicit direction? Transnational actors? None of the above?

No one wants to "start a war" with China, but the error in balancing the cyber threat against the "hype" is assuming that all threats are bogus, or must be the result of hawks looking for neverending war, excuses to begin/escalate the next "Cold War", and similar. The threat from China is very real, long-established, and well-understood for anyone who cares to look. It has been discussed thoroughly, even for the Chinese, in their own strategic literature, and there are very public examples of China's offensive cyber capabilities. China's investment in offensive cyber capabilities comes because of the understanding that dominance of the information realm will essentially allow China to skip large chunks of military modernization and still be highly effective in any conflict with the United States.

Think of it this way: it's now assumed that the Stuxnet/Duqu/Flame family were created by the US and/or Israel. (Keep in mind that even overt admissions prove nothing, and can be self-serving...) Even before the books and articles about OLYMPIC GAMES, attribution was assumed because of the target and because of snippets of clues in the code. In general, why is that assumption any more or less valid than this? Is it because some are more inclined to believe that of course the US engages in cyber warfare; but any cyber attacks against us are suspect.

Of course, there are those who will assume that indications of any cyber attack will always be a "false flag" and/or used by those with ulterior motives who want war. It can't possibly be that there are aggressors who indeed want to attack the US, and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary. Sun Tzu would be beaming.

"The senior leadership of the Chinese government increasingly views the competition between the United States and China as a zero-sum game, with China the likely long-range winner if the American economy and domestic political system continue to stumble, according to an influential Chinese policy analyst. China views the United States as a declining power, but at the same time believes that Washington is trying to fight back to undermine, and even disrupt, the economic and military growth that point to China’s becoming the world’s most powerful country."

Except that China's own worst enemy is itself. It will be interesting to see how much longer their government can continue its reign before corruption pulls it under in revolution. I'm a firm believer that all social groups such as family, tribes, corporations, all the way to entire systems of governance falls to corruption. The end result is inevitable. It's only a matter of time. The real question to ask is which form of government can withstand the corruption, fall, and cleansing process?

The corruption is at worst a symptom of a larger problem. China appears to be suffering from the same problems experienced by Japan on its way to surpassing the US as an economic superpower. Now, that didn't happen, did it? Japan faltered because for the longest time Japan was virtually a one-party state. Now look at that other "great" one-party state, the Soviet Union.

There are otther factors of course, such as Japan's graying population, a problem that China is also facing because of its ill-conceived one

...and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary.

After noting your disclaimer and then reading your post, two thoughts occurred to me. First, that they've trained you well. Your response was concise, well-articulated, and you were careful to define the limits of what you know (and what, by extension, anyone could know from the data). As a US citizen, this is comforting to me. The information and understanding of our military is often sensationalized, spun, and twisted to serve particular political ends to the point that a clear picture of what our milita

Oh, and P.S. Thank you for your service. I would serve with you if I could, but at the time I would otherwise have been eligible to enlist, discrimination on the basis of sexual orientation was still legal and prevalent in our armed services. If I can't stand with you, the least I can do is stand behind you. Again, thank you.

There are ways to serve in a similar capacity without coming anywhere near traditional military.

True, but they require security clearances and background checks. I have no criminal record save a speeding ticket, but I fail every time; They still consider anyone who isn't heterosexual to be a security risk. They aren't allowed to say that's the reason for the denial, of course, but I've been told by enough people who hold or have held them it's still going to be awhile before people who are LGBT are considered equal in that area... like so many others. The other thing is, and it's something not many pe

No idea about the trans portion, but the LGB part? You need to be applying to the right contractors with the right agencies. With the explosion of security theatre post 9/11, there are many openings, and an American boy who likes to kiss boys (or American girl who likes to kiss girls) is pretty low on the list.

This might be more true in the uniformed services (though I've certainly worked with a pretty diverse array of people and ideas; perhaps not as diverse as our society at large, but diverse nonetheless) and a lot of direct federal government employment at some of the intelligence agencies, but it's definitely not true of contractors. What you're describing is true in agencies that have a very established and rigid culture, like has been developed for a lot of the federal law enforcement positions (such as FB

If a system administrator misconfigures a router and damages our information infrastructure, is that any less relevant than someone sticking C4 to the side of a power transmission tower to cause a similar amount of damage?

One word:

Intent.

Intent matters. That's why we punish people who kill someone or cause property damage, etc., intentionally, and don't punish those who do the same things, but don't do so intentionally (and also don't do so because of negligence or reckless disregard). It's the same result:

Well, again, you're pretty much right clear across the board. I guess the only thing I can say is, I think the reason people have lost perspective is because we don't see the whole production, just the highlight reel. It's not really newsworthy to report that everything went according to plan. I don't have absolute confirmation or proof that terrorists are out there, planning to include me in their next political statement. I don't need to either. I know that yes, there's probably some asshole in a cave rig

ok, you trolled me into reading that first page of that one article, and then replying when drunk and stoned. So I read that, particularly the last lines of the page. As you seem to be someone doing a good job of portraying themselves as a rational actor- How do _you_ think the issue should come down on whether or not it is the civilians or the military that should have the crown of control over the internet? You make some legitimate references to people who too easily dismiss the foreign threat in the n

The answer is simple: in our country and system of government, the military fundamentally, and as a matter of law, answers to civilian authorities.

That's not a simple answer at all. It's an easy 'corporate' line. But the truth is that strategic economic decisions made on the behalf of the US for the past 20 years have put China in a position to be able to use vast amounts of US currency to influence civilian businesses. But no, it's not like I think I'm telling you something you don't know. I just think that we deserve apologies from the companies that got rich selling out the human rights of the Chinese (e.g. the first public caving of Yahoo hand

1. I thought your Google manifesto was very good (I know it's a work in progress).2. I think you're reading WAY too much into certain things.

There is no grand conspiracy at play to "prevent people from running their own servers". There are many normal things on even client systems that can be described as a "server" such that the distinction is almost meaningless. Yes, there are plenty of traditional "server" and cloud services which many people use. The reason that Google has such langua

You do realize that even with proxies one can track down addresses right? Sorry, but if you get a few hundred thousand probes come in from addresses that belong to China, you can probably be sure that it's China making the attack. Here is why: The US generally reports these attacks to China and asks them to stop the attack, so the Chinese Government is aware of the attack. Being the Chinese Government, they can either investigate and shut it down, or allow it to happen. If they choose the latter, they

You make it sound so easy to hide, when in reality it's not. You are not talking about a secure services or networks like TOR, you are talking about open connections which are not obscured in most cases.

You also ignore the fact that even if it is originating elsewhere, and all you can do is find the origin and it happens to be in China.. are you saying China can't shut down the route? Working at a DOD contractor for almost a decade, this was routine. It's called "cooperatioin" and happens pretty often to

Wait, so there are only a couple ways that these could both be claimed:
1. Someone is lying
2. Our gov't is actually dumb enough to not classify & secure systems used by the military for nuclear commands
3. Someone is lying

Oops, forgot to mention that also we have White House staff checking their email on systems used by the military for nuclear commands and clicking on links in emails that say things like "Your order receipt" and have a.zip attachment...

Wait, so there are only a couple ways that these could both be claimed:
1. Someone is lying
2. Our gov't is actually dumb enough to not classify & secure systems used by the military for nuclear commands
3. Someone is lying
I'm guessing it's either 1 or 3.

No. See it's easy. Only the insecure, classified computer systems were affected!

With the amount of US Debt that China holds, Obama will say nothing and hope this goes away. At any other time and with any other Administration, we would be floating 2 carrier groups into the Sea of Japan and preventing any Chinese trade vessels from docking at our ports.

What're they going to do, stop buying US bonds? They're still one of the world's most stable investments. China getting into a disagreement with us won't change that much (though China deciding they're not as valuable could), so there will still be plenty of buyers. So the rate we're currently paying on bonds, which is incredibly low, will go up slightly? Big deal.

We sell bonds. As a result, we're not really beholden to the people who own that debt.

Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.

Second, the Libyan President went on TV 1 week after the attack and said it was a terrorist attack. With the enormous intelligence budget we give to all the various Three-Letter Agencies, the U.S. should have known before a fledgling country with no intelligence agencies.

Oh yeah. Just like they did on September 10, 2001.

There's a country full of milling militias, any one (or more) which might seize an opportunity in a condition of general unrest. There's the possibility that one single militia had one single pre-prepared plan that they could roll out. There's the possibility that Al-Qaeda had a plan already set up and scheduled. Then again, there's a load of politically-based sensationalism a certain so-called "News" network wants to promote, which is basically trying to convince us that Osama, er, "Usama" bin Ladin personally led a wave of jihadis in a grand, pre-planned anniversary wave of jihadis - but only in one of the several unsettled countries making noise at that time.

Since when do we blindly believe what politicians say? Especially other people's politicians?

OK, I'm keeping an open mind. It's possible that this really was all an al-Qaeda plot. But I'd rather wait until the evidence was all collected, sifted and cross-checked. There's no ticking bomb here, and I'd really rather not have another pants-wetting rush to find ways to curtail our freedom just because some gang broke in and committed atrocities again.

How long will you excuse the stupidity before you realize that it's intentional? It took me quite a long time, and I ignored all the warnings from people around me at the time. Now that we have descended in to the state they predicted, bankrupted and near tyranny I get it.

Instead of wasting your time making excuses for them, do something productive. Go get some people you trust on ballots and campaign to get them in to offices, and get the turds out of the punch bowl.

And just to be clear, do you think Obama is just "Stupid" when he is spending 2 times what the Government income is every year? Does anyone not know what happens when they have 0 savings, and spend twice their income year after year? Come on now, you can't be that gullible can you?

Do you think that Fast and Furious was just a stupid idea, and of course ignore demand letters 1-3? I'm guessing so, because they are too stupid to make those kinds of mistakes intentionally right?

Have you bothered to study any history at all? Do you know what happens when a country goes bankrupt? I'm guessing not, since you seem to believe that it's no big deal. Go read some fooking history, the get back to us on the issue.

And to say it does not compare is completely asinine on your part, at least in the basics of an economy and budget. Since you fail to read history, I'm guessing that you really truly believe that comparing spending money I don't have is different between a Government and a Hou

Deficit spending is the same, no matter who's budget you are looking at. Whether Government or you at home, spending what you don't have with no plan to get out of debt ensures bankruptcy. The difference of course is a matter of whom gets fucked when the bankruptcy occurs, in which case a Government should never have been allowed to spend money it does not have since every citizen gets fucked over on a default. See here [wikipedia.org].

To claim there is no similarity without qualifiers screams of ignorance. If you had

Stupid talking point for dumb people, who don't realize that in real life, a crime can't be solve in 40 minutes, like on CSI: Miami.

It took me less than a minute to realize a coordinated attack on an embassy is not "spontaneous". If anything, it should be easier to determine the Embassy attack was "terrorism" (or at least coordinated and planned) than a Chinese hacker spearfished a certain person on a certain system at a certain time. Just because you stick your head in the sand and ignore warning signs of attack and indicators of planning, it doesn't mean the attack was spontaneous. Even during deployment in Iraq, I saw sugarcoating

First, there's a "smoking gun" in the breach. The attack's general incoming direction can easily be traced to china, which at least indicates a proxy's sitting there. That gives China an opportunity to cooperate (if it really wasn't the government, or at least if they have a scapegoat handy), leading to some diplomatic goodwill and good PR all around. In an assassination, the evidence takes far longer to work out and get a general direction from, and accusing another country of assassination is a

It's not so tough to look inside a payload and scoop out an address and say: oh look! Chinese! But that's not necessarily where the original attackers are from: they are from anywhere, but the address was in a Chinese CIDR block somewhere, on a system that may or may not have been externally controlled from anywhere in the world.

Politically, however, the finger was pointed at China. Whether it was pointed correctly or not isn't really known. For now, however, if you believe the WH, then it's Chinese. But Ch

Of course. That was a point I made in my second paragraph. Now China can step up and help, offering some token gesture of cooperation, like extracting/forging logs pointing in some other direction. This is a chance for diplomatic small-talk, where a little good-faith effort on a task that's meaningless in the long run can help hold off the prospect of an upcoming war with China.

China also has the opportunity to take this flimsy accusation as a grave insult, so they could start rattling sabers and head close

There are supposed to be secure channels for having informal diplomatic discussions that are kept private, where a conversation like the former could take place, but I suspect that diplomats are a bit wary [wikipedia.org] of making "private" comments these days. That leaves only the subtle dance of public politics, where the latter is likely.

I wonder if: the WH picks up a phone and calls somebody in the Chinese Embassy or straight to the right contact and says: yo, is this yours? Do you realize we interpret these things as an act of war?

US Diplomat: We have found out that there are attempts to gain access to US secure systems coming from Chinese controlled IP addresses. We take offense at this activity, and request that you cease immediately.

China Diplomat: The Peoples Republic abhor illegal and immoral activity, and in now way condone such behavior. While we are on the topic, we have discovered similar attacks on our systems coming from US controlled addresses.

US Diplomat: It is not the policy of the US to engage in clandestine cyber attacks on state controlled computer systems. We do not condone any such action.

Of course. That was a point I made in my second paragraph. Now China can step up and help, offering some token gesture of cooperation, like extracting/forging logs pointing in some other direction.

This was a state acting, as cyber criminals likely don't care about nuclear delivery infrastructure. Assuming that I am a black hat in the official service of state intelligence attempting to compromise highly sensitive information, I am going to work through compromised foreign proxies ("I'm behind 7 proxies!"), burning one or more of them after each use, via drive wipes and deliberate infection with destructive viruses.

It seems weird that you would try something this daring directly from your home soi

No, what it means is some systems used by "Military for nuclear commands" are not classified systems. In any environment you will find both classified and unclassified systems, so it is no surprising that some systems used by them are unclassified.

Oh please! The DoD has been aware since, I don't know, the 1980s that anything important is not hooked up the public internet. I imagine that if they've been following their own doctrine, it's a treasonous offense to put any material not for public consumption on an internet-accessible machine, whether or not they think it's publicly accessible. Hell, it's been a long standing joke in the hacker / cracker communities -> "So tell me again, PH3@RMe, how you hacked a FBI / CIA / DoD server and got access to

You made a mistake, it took 2 weeks to accuse the right party instead of blaming our free speech, some corny movie that would struggle to be B quality and the awesome tolerance other cultures have for ours.

Madeleine Albright was just in Ohio campaigning for Obama, and she said it's a difficult situation to understand and that Romney was wrong in criticizing the White House because it takes time and investigation to determine what happened. I hoping someone would ask "why was they speaking about it before ha

What victim? The only victims are the 4 people who died. They died after 6 hours of fighting. There's an entire Brigade stationed in Italy, a few hours flight away. Where were the Marines to stage a rescue? Those 4 men died because of the administrations failures. We should have reminded the residents of Libya why the Marine Corps Song start with "From the halls of Montezuma to the shores of Tripoli."

Seriously. If the murder 3000+ Americans didn't put a dent in Saudi-US relations...

You're correct- It didn't put a dent in the relations the US has with a certain group of Saudis that hold power in their nation.

The ties of the powerful to any particular nation have been fading for a while now. The small groups in each wealthy nation across the world, groups that hold much of the assets and power, identify more with each other than their birth nations.

Remember the phrase "Any problem in computer science may be solved with another layer of abstraction"? Think of these groups of ridiculously wealthy and powerful people as a layer of abstraction placed above the nations of the world- In my opinion, the interactions between many nations that exist under this abstraction are largely attempts at scripted drama, random aberrations, or corrective actions brought about to manage those not yet aligned to the majority's interests.

I don't think it's any of this "New World Order" crap- It's just what people do, all the time: Those of similar socioeconomic position and means, with similar outlooks on how society should work, tend to clump together to their mutual benefit. I hang out with my neighbors, I belong to an investment group of similarly minded co-workers and friends that exist in roughly the same socioeconomic plane. If someone either fabulously wealthy or very poor were to join this group, it wouldn't work out very well.

I believe some of the extremely rich and powerful take this to a higher level in that they want to shape society to fit their own views, but this is the same principle writ large. I'm not trying to label this negatively or positively in regards to ethics or morality, just summarizing what I believe I have observed.

Very few people will click links from unknown sources, even in government.

However, when the email comes through saying it's from a common company such as Intuit or Chase (both of which have been used in phishing attacks I've seen lately), and comes from an email address from that domain, and looks legitimate (pictures and all), and it tells them that they can either click the link or type in the address, and can even address the target by name, most people won't think twice about clicking that little link t